Xss-html&javascript&css&jquery&ajax

Source: Internet
Author: User

1. Set different list styles

<style>
ul.a { list-style-type: circle; }
ul.b { list-style-type: square; }
ul.c { list-style-type: upper-roman; }
ul.d { list-style-type: lower-alpha; }
</style>

<body>
<ul class="a"> <li>Coffee</li> <li>Tea</li> </ul>
<ul class="b"> <li>Coffee</li> <li>Tea</li> </ul>
</body>

2. Script engine processing

A simple JavaScript or VBScript snippet such as <script>alert("XSS")</script> can be embedded in a normal web page. An XSS attack injects illegitimate JavaScript or VBScript into a web page that the user is browsing. The web browser itself offers no protection here: it is only responsible for interpreting and executing scripting languages such as JavaScript, and does not judge whether the code is harmful to the user.

Submitting form information for output processing:

<form action="xss.php" method="POST">
Please enter your account: <br>
<input type="text" name="name" value="">
<input type="submit" value="commit">
<!-- and so on -->
</form>

The next processing page is then written like this:

<body> <?php echo $_REQUEST['name']; ?> </body>

This outputs the account name directly to the page.

Or trigger it with a GET request, submitting <script>alert("XSS")</script> in the URL of the page.
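The processing page above next to a hardened form, as an added example that is not code from the original page. The function names render_account_unsafe and render_account_safe, the response headers and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the xss.php processing page.
// Function names and sample inputs are hypothetical / constructed.
declare(strict_types=1);

/** Vulnerable form, as on the page: the value reaches the HTML unchanged. */
function render_account_unsafe(array $request): string
{
    return '<body>' . ($request['name'] ?? '') . '</body>';
}

/** Hardened form: check the type, then encode for the HTML context. */
function render_account_safe(array $request): string
{
    $name = $request['name'] ?? '';
    if (!is_string($name)) {
        $name = '';   // name[]=x arrives as an array; treat it as empty
    }
    // ENT_QUOTES encodes both " and ', so the value is also safe inside a
    // quoted attribute. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of making htmlspecialchars() return an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<body>' . htmlspecialchars($name, $flags, 'UTF-8') . '</body>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: a normal name, the page's test string,
    // and an attribute-breaking value.
    $samples = ['alice', '<script>alert("XSS")</script>', '" onmouseover="x'];
    foreach ($samples as $value) {
        echo 'input : ', $value, PHP_EOL;
        echo 'unsafe: ', render_account_unsafe(['name' => $value]), PHP_EOL;
        echo 'safe  : ', render_account_safe(['name' => $value]), PHP_EOL, PHP_EOL;
    }
} else {
    // The form uses method="POST", so read $_POST only rather than
    // $_REQUEST, which would also accept the value from the URL.
    header('Content-Type: text/html; charset=UTF-8');
    header("Content-Security-Policy: default-src 'self'");  // blocks inline script
    header('X-Content-Type-Options: nosniff');
    echo render_account_safe($_POST);
}
```

Run from the command line, the script prints each sample through both functions; the encoded output shows the angle brackets and quotes as entities, so the browser displays the text instead of executing it.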

3. Reflected XSS

Reflected XSS (reflected cross-site scripting), also called non-persistent or parameter-based cross-site scripting, mainly involves malicious scripts attached to URL address parameters.

With reflected XSS, however, the attacker generally arranges everything carefully before launching the cross-site scripting attack. The problem of the malicious URL being exposed can be worked around through a variety of encoding conversions, or by using decimal, hexadecimal, escape and other encoding forms to confuse the user.

4. Persistent XSS

Persistent cross-site scripting is the stored type of cross-site scripting (stored cross-site scripting). This kind of XSS does not require the user to click a specific URL for the cross-site script to run: the attacker uploads or stores the JavaScript code on the server, and it executes when the page is browsed.
